Bitcoin Forum
Topic: Client wallet handling
BitterTea
January 09, 2011, 01:35:43 PM
 #1

Hey guys, I had some fairly simple (imho) ideas for ways to handle wallets more securely in the future. Let me know what you think. Has this been discussed already?

Users should be able to manage multiple wallets.
The client should not open a default wallet when starting, just act as a node.
Wallets should be encrypted.
Users should be prompted for the password when opening a wallet.
When new addresses are generated, an encrypted backup should be copied to user-defined locations.
Mike Hearn
January 09, 2011, 11:03:29 PM
 #2

Why? None of that will stop a virus that is written to steal your coins.

I think we have to accept that there's no way to use BitCoin securely from a malware infected computer at the moment and there probably won't ever be. If you want to use BitCoin from a possibly compromised machine you need to do it via a 2-factor protected mybitcoin style site in which the wallet is held remotely and transactions are signed using some kind of electronic signing calculator (see CAP).
davux
January 09, 2011, 11:16:46 PM
 #3

Quote from: Mike Hearn
> Why? None of that will stop a virus that is written to steal your coins.

Security doesn't limit itself to protection against viruses.

Quote from: Mike Hearn
> I think we have to accept that there's no way to use BitCoin securely from a malware infected computer at the moment and there probably won't ever be.

There's no way to do anything securely. Security is not a binary value. The point is enhancing the default security level that the Bitcoin program provides.

BitterTea
January 09, 2011, 11:44:08 PM
 #4

Quote from: Mike Hearn
> Why? None of that will stop a virus that is written to steal your coins.
>
> I think we have to accept that there's no way to use BitCoin securely from a malware infected computer at the moment and there probably won't ever be. If you want to use BitCoin from a possibly compromised machine you need to do it via a 2-factor protected mybitcoin style site in which the wallet is held remotely and transactions are signed using some kind of electronic signing calculator (see CAP).

Right now, even if the Bitcoin client is not running, your wallet is stored unencrypted. There's no reason to make it that easy to steal your wallet. The changes I proposed would allow the client to handle multiple wallets in a manner that is more secure than the current handling of a single wallet. For instance, I've been working on a wallet manager that stores the wallet(s) encrypted, and only decrypts it to launch the Bitcoin client. The problem with this is that you cannot run as a node while also keeping your wallets securely stored. (Aside... I just realized a potential workaround - let the client create a new wallet instead of using one of the user's.)

Quote from: davux
> There's no way to do anything securely. Security is not a binary value. The point is enhancing the default security level that the Bitcoin program provides.

Right on.
caveden
January 10, 2011, 08:20:48 AM
 #5

Quote from: davux
> Quote from: Mike Hearn
> > Why? None of that will stop a virus that is written to steal your coins.
>
> Security doesn't limit itself to protection against viruses.

This is a good point.

Ok, viruses can steal bitcoins even if the wallet is encrypted. But an unencrypted wallet is much more vulnerable than that. Any asshole that happens to have access to your computer may steal them from you. This may vary from an angry-ex-(girl|boy)friend to a computer technician who was there just to fix something...

Anyway, currently only geeks use the client, so this is not a big issue. But if we want to go mainstream, we need more security/safety features. The simple fact that the client doesn't ask for confirmation before sending a transfer, for example, is quite dangerous... a typo and you can get screwed!

Mike Hearn
January 10, 2011, 10:45:52 AM
 #6

Anyone with access to your computer can just install a program that steals your wallet anyway. They wouldn't have to write it themselves. It only takes one person to write a point-and-click wallet stealer app and you're done. It'd just sit in the background and wait until you type in your password, then extract and send the keys to whomever ran it.

I hear the argument about raising the bar. I've used similar arguments many times myself. Bar raising can work and be useful in cases where there are many attackers who aren't communicating, and it doesn't really matter if you lose (as long as you don't lose most of the time). Spam filtering, credit card fraud and things like that are a good example.

I don't think it applies in this case. BitCoin and a program trying to steal your wallet compete on a level playing field. You can't raise the bar. If you get a virus on your computer designed to steal BitCoins you WILL lose your wallet and there's nothing you can do about it, no matter what kind of password protection or encryption you implement. It really is that trivial.



theymos
January 10, 2011, 10:51:45 AM
 #7

If you encrypt only part of your wallet and don't open that section very often, then you may discover and remove the malware before it has a chance to steal everything. Especially since the malware will probably steal the unencrypted portion.

BitterTea
January 10, 2011, 06:05:18 PM
 #8

Quote from: theymos
> If you encrypt only part of your wallet and don't open that section very often, then you may discover and remove the malware before it has a chance to steal everything. Especially since the malware will probably steal the unencrypted portion.

That's one of the reasons I would like to allow multiple wallets, so that you could have your "savings" wallet that you rarely have to open, which would make it more secure.

I've actually got my wallet manager app working now with "dummy" wallets, which it allows Bitcoin to create and then deletes afterward. This is to allow Bitcoin to continue running and contribute to the network without exposing your decrypted wallet for that period of time.
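
The wallet-manager workflow described in posts #4 and #8 (wallet kept encrypted on disk, decrypted only while the client runs), as an added example; it is not BitterTea's wallet manager or any code from the thread. It assumes OpenSSL 1.1.1 or later, a passphrase supplied in a hypothetical `WALLET_PASS` environment variable, and caller-chosen file names. In line with Mike Hearn's objection, it covers the file at rest only, not malware that is active while the wallet is unlocked.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes OpenSSL >= 1.1.1 and a
# passphrase in the WALLET_PASS environment variable (hypothetical name).
ITER=600000   # PBKDF2 iteration count; constructed value, tune per machine

# wallet_lock PLAIN ENC: encrypt PLAIN into ENC, then delete the plaintext.
# Runs in a subshell so the tightened umask does not leak to the caller.
wallet_lock() (
    umask 077
    openssl enc -aes-256-cbc -pbkdf2 -iter "$ITER" -salt -pass env:WALLET_PASS \
        -in "$1" -out "$2.tmp" || { rm -f "$2.tmp"; exit 1; }
    # rm does not wipe disk blocks; keep PLAIN on a RAM-backed filesystem
    # if recovery of deleted data is part of your threat model.
    mv "$2.tmp" "$2" && rm -f "$1"
)

# wallet_unlock ENC PLAIN: decrypt ENC into PLAIN, leaving nothing on failure.
# CBC is unauthenticated: a wrong passphrase is normally caught by the padding
# check, but tampering with ENC is not reliably detected.
wallet_unlock() (
    umask 077
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" -pass env:WALLET_PASS \
        -in "$1" -out "$2" 2>/dev/null || { rm -f "$2"; exit 1; }
)

# with_wallet ENC PLAIN CMD...: unlock, run CMD, always re-lock afterwards so
# keys the client added during the run end up in the encrypted copy.
with_wallet() {
    enc=$1; plain=$2; shift 2
    wallet_unlock "$enc" "$plain" || return 1
    rc=0
    "$@" || rc=$?
    wallet_lock "$plain" "$enc" || return 1
    return "$rc"
}
```

Calling `with_wallet wallet.enc wallet.dat` followed by the client's launch command keeps the plaintext on disk only for the length of that run.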